Google has reduced the number of compromised email accounts by...

company has instituted, following a change in spammer tactics in 2010 that led to a “large increase in fraudulent mail” from compromised Google accounts, he said. Though spammers can break into Web databases containing millions of usernames and passwords, and use them to hack Google accounts -- one “gang attempted sign-ins at a rate of more than 100 accounts per second” -- Google now checks “more than 120 variables” to judge whether a person signing into a Google account is the legitimate account holder, he said. Those include asking a person signing in “from a country oceans away” from the account’s last sign-in to provide the phone number associated with the account, Hearn said. Users can help themselves by using a “strong, unique password” for their account, opting in to two-step verification for their account, and updating “recovery options” in Google, such as secondary email address and phone number, he said. Facebook told users last week (http://on.fb.me/VW7Mfn) it was the victim of a “sophisticated attack” last month that took over “fully-patched” employee laptops, after a “handful of employees visited a mobile developer website that was compromised.” It “remediated” the infected machines, told law enforcement and started a “significant investigation into the exploit that continues to this day,” Facebook said: “We have found no evidence that Facebook user data was compromised.” The malware used a “zero-day” exploit to circumvent security protections in Oracle’s Java software, and while Facebook was one of the first to discover the malware, “it is clear that others were attacked and infiltrated as well,” it said: Facebook is collaborating with affected companies and entities through an “informal working group and other means."